package com.lz.yz.security;

import com.lz.yz.base.util.EscapeUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;


public class XSSRequestWrapper extends HttpServletRequestWrapper {

    private static Log log = LogFactory.getLog(XSSRequestWrapper.class);

    public XSSRequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }
    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        if (values == null) {
            return null;
        }
        int count = values.length;
        String[] encodedValues = new String[count];
        for (int i = 0; i < count; i++) {
            String ret =  EscapeUtil.stripXSS(values[i]);
//        	if(log.isDebugEnabled())
//        		log.debug(  "paramterValues:" + values[i] +"-->"  + ret);
            encodedValues[i] = ret;
        }
        return encodedValues;
    }
    @Override
    public String getParameter(String parameter) {
        String value = super.getParameter(parameter);
        String ret =  EscapeUtil.stripXSS(value);
        return ret;
    }
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(name);
        String ret =  EscapeUtil.stripHeaderXSS(value);
        if(log.isDebugEnabled())
            log.debug(  "header, name=" +name+", value=" + value +"-->"  + ret);
        return ret;
    }

}
